Source: SAINT Corporation
ID: SAINT:68F1885770ADAE7A008AE350C05CF093

WebEx Meeting Manager atucfobj.dll ActiveX buffer overflow

Published: 2008-08-22 00:00:00
Site: my.saintcorporation.com

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.93 High
Percentile: 99.0%

Added: 08/22/2008
CVE: CVE-2008-3558
BID: 30578
OSVDB: 47344

Background

The WebEx Meeting Manager is automatically installed when a user starts or joins a meeting.

Problem

A buffer overflow vulnerability in the **atucfobj.dll** ActiveX control allows command execution when a user loads a web page which calls the **NewObject** method with a specially crafted parameter.

Resolution

Remove the WebEx Meeting Manager. A fixed version will be installed the next time a user starts or joins a meeting hosted by a WebEx server running a fixed software version.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0084.html>
<http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml>

Limitations

The exploit works on WebEx Meeting Manager 20.2008.2601.4928 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows
